openstack/openstack-manuals
Code Issues Proposed changes

Setting up Administrator Guide Dashboard Chapter, part 2

Browse Source 
Introducing Admin User Guide dashboard content to
the Cloud Admin Guide as a part of the reorganisation
goal. This patch is the second step in creating a new
Dashboard section for Admin Users in the Cloud Admin Guide,
as discussed in the User Guide Specialty team meetings.

First step: https://review.openstack.org/281635

Chapters copied:

   dashboard_manage_resources.rst
   dashboard_manage_services.rst
   dashboard_manage_volumes.rst
   dashboard_set_quotas.rst
   dashboard_view_cloud_resources.rst
   dashboard_admin_manage_roles.rst

dashboard.rst TOC updated.

Change-Id: Idc8a900d3a8b7396e884764d7962a0a8991948ac
Implements: blueprint user-guides-reorganised
This commit is contained in:
Bernd Bausch 2016-02-22 15:43:17 +09:00
parent 44a47c86d8
commit 34ea37e470
7 changed files with 425 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/admin-guide-cloud/source/dashboard.rst
View File

@ -16,27 +16,18 @@ for your operating system.
common/dashboard_customizing.rst
dashboard_sessions.rst
dashboard_manage_images.rst
dashboard_admin_manage_roles.rst
dashboard_manage_instances.rst
dashboard_manage_flavors.rst
dashboard_manage_volumes.rst
dashboard_manage_shares.rst
dashboard_set_quotas
dashboard_manage_resources.rst
dashboard_manage_host_aggregates.rst
dashboard_admin_manage_stacks.rst
- To deploy the Dashboard, see the `OpenStack dashboard documentation
- To deploy the dashboard, see the `OpenStack dashboard documentation
<http://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
- To launch instances with the Dashboard, see the `OpenStack End User
- To launch instances with the dashboard, see the `OpenStack End User
Guide <http://docs.openstack.org/user-guide/dashboard_launch_instances.html>`__.
.. Additional Documents to add-the final toctree should resemble this- <JR>
.. dashboard_manage_images.rst
.. *dashboard_admin_manage_roles.rst
.. dashboard_manage_instances.rst
.. dashboard_manage_flavors.rst
.. *dashboard_manage_volumes.rst
.. *dashboard_manage_shares.rst
.. *dashboard_set_quotas
.. *dashboard_manage_resources.rst
.. dashboard_manage_host_aggregates.rst
.. dashboard_admin_manage_stacks.rst

59
doc/admin-guide-cloud/source/dashboard_admin_manage_roles.rst Normal file
View File

@ -0,0 +1,59 @@
=======================
Create and manage roles
=======================
A role is a personality that a user assumes to perform a specific set
of operations. A role includes a set of rights and privileges. A user
assumes that role inherits those rights and privileges.
.. note::
OpenStack Identity service defines a user's role on a
project, but it is completely up to the individual service
to define what that role means. This is referred to as the
service's policy. To get details about what the privileges
for each role are, refer to the ``policy.json`` file
available for each service in the
``/etc/SERVICE/policy.json`` file. For example, the
policy defined for OpenStack Identity service is defined
in the ``/etc/keystone/policy.json`` file.
Create a role
~~~~~~~~~~~~~
#. Log in to the dashboard and choose the :guilabel:`admin` project from
the :guilabel:`CURRENT PROJECT` drop-down list.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Roles` category.
#. Click the :guilabel:`Create Role` button.
In the :guilabel:`Create Role` window, enter a name for the role.
#. Click the :guilabel:`Create Role` button to confirm your changes.
Edit a role
~~~~~~~~~~~
#. Log in to the dashboard and choose the :guilabel:`admin` project from
the :guilabel:`CURRENT PROJECT` drop-down list.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Roles` category.
#. Click the :guilabel:`Edit` button.
In the :guilabel:`Update Role` window, enter a new name for the role.
#. Click the :guilabel:`Update Role` button to confirm your changes.
.. note::
Using the dashboard, you can edit only the name assigned to
a role.
Delete a role
~~~~~~~~~~~~~
#. Log in to the dashboard and choose the :guilabel:`admin` project from
the :guilabel:`CURRENT PROJECT` drop-down list.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Roles` category.
#. Select the role you want to delete and click the :guilabel:`Delete
Roles` button.
#. In the :guilabel:`Confirm Delete Roles` window, click :guilabel:`Delete
Roles` to confirm the deletion.
You cannot undo this action.

10
doc/admin-guide-cloud/source/dashboard_manage_resources.rst Normal file
View File

@ -0,0 +1,10 @@
====================
View cloud resources
====================
.. toctree::
:maxdepth: 2
dashboard_manage_services.rst
dashboard_view_cloud_resources.rst

38
doc/admin-guide-cloud/source/dashboard_manage_services.rst Normal file
View File

@ -0,0 +1,38 @@
=========================
View services information
=========================
As an administrative user, you can view information for OpenStack services.
#. Log in to the OpenStack dashboard and choose the
:guilabel:`admin` project from the drop-down list
at the top of the page.
#. On the :guilabel:`Admin` tab, click the :guilabel:`System Information`
category.
View the following information on these tabs:
* :guilabel:`Services`:
Displays the internal name and the public OpenStack name
for each service, the host on which the service runs,
and whether or not the service is enabled.
* :guilabel:`Compute Services`:
Displays information specific to the Compute service. Both host
and zone are listed for each service, as well as its
activation status.
* :guilabel:`Block Storage Services`:
Displays information specific to the Block Storage service. Both host
and zone are listed for each service, as well as its
activation status.
* :guilabel:`Network Agents`:
Displays the network agents active within the cluster, such as L3 and
DHCP agents, and the status of each agent.
* :guilabel:`Orchestration Services`:
Displays information specific to the Orchestration service. Name,
engine id, host and topic are listed for each service, as well as its
activation status.

159
doc/admin-guide-cloud/source/dashboard_manage_volumes.rst Normal file
View File

@ -0,0 +1,159 @@
===============================
Manage volumes and volume types
===============================
Volumes are the Block Storage devices that you attach to instances to enable
persistent storage. Users can attach a volume to a running instance or detach
a volume and attach it to another instance at any time. For information about
using the dashboard to create and manage volumes as an end user, see the
`OpenStack End User Guide <http://docs.openstack.org/user-guide/dashboard_manage_volumes.html>`_.
As an administrative user, you can manage volumes and volume types for users
in various projects. You can create and delete volume types, and you can view
and delete volumes. Note that a volume can be encrypted by using the steps
outlined below.
.. _create-a-volume-type:
Create a volume type
~~~~~~~~~~~~~~~~~~~~
#. Log in to the dashboard and choose the :guilabel:`admin`
project from the drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Click the :guilabel:`Volume Types` tab, and click
:guilabel:`Create Volume Type` button. In the
:guilabel:`Create Volume Type` window, enter a name for the volume type.
#. Click :guilabel:`Create Volume Type` button to confirm your changes.
.. note::
A message indicates whether the action succeeded.
Create an encrypted volume type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Create a volume type using the steps above for :ref:`create-a-volume-type`.
#. Click :guilabel:`Create Encryption` in the Actions column of the newly
created volume type.
#. Configure the encrypted volume by setting the parameters below from
available options (see table):
Provider
Specifies the class responsible for configuring the encryption.
Control Location
Specifies whether the encryption is from the front end (nova) or the
back end (cinder).
Cipher
Specifies the encryption algorithm.
Key Size (bits)
Specifies the encryption key size.
#. Click :guilabel:`Create Volume Type Encryption`.
**Encryption Options**
The table below provides a few alternatives available for creating encrypted
volumes.
+--------------------+-----------------------+----------------------------+
| Encryption | Parameter | Comments |
| parameters | options | |
+====================+=======================+============================+
| Provider |nova.volume.encryptors.|Allows easier import and |
| |luks.LuksEncryptor |migration of imported |
| |(Recommended) |encrypted volumes, and |
| | |allows access key to be |
| | |changed without |
| | |re-encrypting the volume |
+ +-----------------------+----------------------------+
| |nova.volume.encryptors.|Less disk overhead than |
| |cryptsetup. |LUKS |
| |CryptsetupEncryptor | |
+--------------------+-----------------------+----------------------------+
| Control Location | front-end |The encryption occurs within|
| | (Recommended) |nova so that the data |
| | |transmitted over the network|
| | |is encrypted |
| | | |
+ +-----------------------+----------------------------+
| | back-end |This could be selected if a |
| | |cinder plug-in supporting |
| | |an encrypted back-end block |
| | |storage device becomes |
| | |available in the future. |
| | |TLS or other network |
| | |encryption would also be |
| | |needed to protect data as it|
| | |traverses the network |
+--------------------+-----------------------+----------------------------+
| Cipher | aes-xts-plain64 |See NIST reference below |
| | (Recommended) |to see advantages* |
+ +-----------------------+----------------------------+
| | aes-cbc-essiv |Note: On the command line, |
| | |type 'cryptsetup benchmark' |
| | |for additional options |
+--------------------+-----------------------+----------------------------+
| Key Size (bits)| 512 (Recommended for |Using this selection for |
| | aes-xts-plain64. 256 |aes-xts, the underlying key |
| | should be used for |size would only be 256-bits*|
| | aes-cbc-essiv) | |
+ +-----------------------+----------------------------+
| | 256 |Using this selection for |
| | |aes-xts, the underlying key |
| | |size would only be 128-bits*|
+--------------------+-----------------------+----------------------------+
`*` Source `NIST SP 800-38E <http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf>`_
Delete volume types
~~~~~~~~~~~~~~~~~~~
When you delete a volume type, volumes of that type are not deleted.
#. Log in to the dashboard and choose the :guilabel:`admin` project from
the drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Click the :guilabel:`Volume Types` tab, select the volume type
or types that you want to delete.
#. Click :guilabel:`Delete Volume Types` button.
#. In the :guilabel:`Confirm Delete Volume Types` window, click the
:guilabel:`Delete Volume Types` button to confirm the action.
.. note::
A message indicates whether the action succeeded.
Delete volumes
~~~~~~~~~~~~~~
When you delete an instance, the data of its attached volumes is not
destroyed.
#. Log in to the dashboard and choose the :guilabel:`admin` project
from the drop-down list at the top of the page.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Volumes` category.
#. Select the volume or volumes that you want to delete.
#. Click :guilabel:`Delete Volumes` button.
#. In the :guilabel:`Confirm Delete Volumes` window, click the
:guilabel:`Delete Volumes` button to confirm the action.
.. note::
A message indicates whether the action succeeded.

113
doc/admin-guide-cloud/source/dashboard_set_quotas.rst Normal file
View File

@ -0,0 +1,113 @@
.. _dashboard-set-quotas:
======================
View and manage quotas
======================
.. |nbsp| unicode:: 0xA0 .. nbsp
:trim:
To prevent system capacities from being exhausted without notification,
you can set up quotas. Quotas are operational limits. For example, the
number of gigabytes allowed for each tenant can be controlled so that
cloud resources are optimized. Quotas can be enforced at both the tenant
(or project) and the tenant-user level.
Typically, you change quotas when a project needs more than ten
volumes or 1 |nbsp| TB on a compute node.
Using the Dashboard, you can view default Compute and Block Storage
quotas for new tenants, as well as update quotas for existing tenants.
.. note::
Using the command-line interface, you can manage quotas for the
OpenStack Compute service, the OpenStack Block Storage service, and
the OpenStack Networking service (see :doc:`cli_set_quotas`).
Additionally, you can update Compute service quotas for
tenant users.
The following table describes the Compute and Block Storage service quotas:
.. _compute_quotas:
**Quota Descriptions**
+--------------------+------------------------------------+---------------+
| Quota Name | Defines the number of | Service |
+====================+====================================+===============+
| Gigabytes | Volume gigabytes allowed for | Block Storage |
| | each project. | |
+--------------------+------------------------------------+---------------+
| Instances | Instances allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Injected Files | Injected files allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Injected File | Content bytes allowed for each | Compute |
| Content Bytes | injected file. | |
+--------------------+------------------------------------+---------------+
| Keypairs | Number of keypairs. | Compute |
+--------------------+------------------------------------+---------------+
| Metadata Items | Metadata items allowed for each | Compute |
| | instance. | |
+--------------------+------------------------------------+---------------+
| RAM (MB) | RAM megabytes allowed for | Compute |
| | each instance. | |
+--------------------+------------------------------------+---------------+
| Security Groups | Security groups allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Security Group | Rules allowed for each security | Compute |
| Rules | group. | |
+--------------------+------------------------------------+---------------+
| Snapshots | Volume snapshots allowed for | Block Storage |
| | each project. | |
+--------------------+------------------------------------+---------------+
| VCPUs | Instance cores allowed for each | Compute |
| | project. | |
+--------------------+------------------------------------+---------------+
| Volumes | Volumes allowed for each | Block Storage |
| | project. | |
+--------------------+------------------------------------+---------------+
.. _dashboard_view_quotas_procedure:
View default project quotas
~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the OpenStack dashboard.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Defaults` category.
#. The default quota values are displayed.
.. note::
You can sort the table by clicking on either the
:guilabel:`Quota Name` or :guilabel:`Limit` column headers.
.. _dashboard_update_project_quotas:
Update project quotas
~~~~~~~~~~~~~~~~~~~~~
#. Log in to the OpenStack dashboard.
#. On the :guilabel:`Admin` tab, open the :guilabel:`System` tab
and click the :guilabel:`Defaults` category.
#. Click the :guilabel:`Update Defaults` button.
#. In the :guilabel:`Update Default Quotas` window,
you can edit the default quota values.
#. Click the :guilabel:`Update Defaults` button.
.. note::
The dashboard does not show all possible project quotas.
To view and update the quotas for a service, use its
command-line client. See :doc:`cli_set_quotas`.

40
doc/admin-guide-cloud/source/dashboard_view_cloud_resources.rst Normal file
View File

@ -0,0 +1,40 @@
===========================
View cloud usage statistics
===========================
The Telemetry service provides user-level usage data for
OpenStack-based clouds, which can be used for customer billing, system
monitoring, or alerts. Data can be collected by notifications sent by
existing OpenStack components (for example, usage events emitted from
Compute) or by polling the infrastructure (for example, libvirt).
.. note::
You can only view metering statistics on the dashboard (available
only to administrators).
The Telemetry service must be set up and administered through the
:command:`ceilometer` command-line interface (CLI).
For basic administration information, refer to the "Measure Cloud
Resources" chapter in the `OpenStack End User Guide
<http://docs.openstack.org/user-guide/>`_.
.. _dashboard-view-resource-stats:
View resource statistics
~~~~~~~~~~~~~~~~~~~~~~~~
#. Log in to the OpenStack dashboard as a user with Admin privileges.
#. On the :guilabel:`Admin` tab, click the :guilabel:`Resource Usage` category.
#. Click the:
* :guilabel:`Usage Report` tab to view a usage report per tenant (project)
by specifying the time period (or even use a calendar to define
a date range).
* :guilabel:`Stats` tab to view a multi-series line chart with
user-defined meters. You group by project, define the value type
(min, max, avg, or sum), and specify the time period (or even use
a calendar to define a date range).